I'm building a network from the ground up for the first time and just got my DC with DHCP stood up. I have a router, without DHCP, connected to my switch, and the DC connected to the same switch. My DC has an IP address range of 52.12.1.1-52.12.2.251. I have an internet connection that I want to connect to my gateway that already has a DHCP server serving address to.

My question is, does the gateway stop my DHCP server from spitting addresses out to the devices on the network that is coming into my gateway to serve internet?

Network X is internet enabled and has DHCP already.

Network X is coming into my gateway/router.

Network Y has a DHCP server and I want to make sure it doesn't start serving network X.

This person is a verified professional.

I think what you are asking is whether the router will allow DHCP requests to pass across it - the answer is no, it won't, unless it is configured to do so (with an IP Helper address), so any network separated by the router will only pick up DHCP addresses from a DHCP server on the same network as it.

As an aside, the network range you are using is public - not sure if you are aware of it or not, but you may wish to consider assigning private addresses to end points on an internal network.

I would like to set up a personal lab environment within an existing LAN that has router(s), switches, server, etc. (basically the whole deal). That LAN operates on one IP subnet, 192.168.100.0/24 (I'm not sure, but I think DHCP for that subnet is running on the router which is the default gateway to the Internet.)

So a production network?

johnsimmons3 wrote:

I have a spare router here. May I plug that router into the switch under my desk that connects to the 192.168.100.0/24 LAN

If that's a production network, it's a question for your IT department. My answer would be a very stern NO.

If you want to learn IT and play around with routers and switches then go for it, but no plugging stuff into production where the risk of taking down live systems exists.



Is there an immediate security issue or anything major with using a public IP range on an internal network or is it just a best practice?

Thank you all for the information.

As long as you are behind a firewall, there will be no immediate security risk, no (I have seen a network running on public addresses fairly recently and it hasn't been a security risk, but there is a big project to get that one shifted onto a private scheme to be compliant - in that case though, the addresses date back to the early 90's when the RFC for private addressing hadn't been published).

But if you don't actually own the address range, it could cause problems if you try to access a system externally that uses that address range, as your router will not send the requests out.

Public is [public]... IANA assigns public addresses and guarantees them to be globally unique on the Internet. Private addresses cannot be reached on the Internet... Because Internet traffic from a host that has private addresses must either send its requests to an application layer gateway (such as a proxy server), which has a valid public address, or have its private address translated into a valid public address by a NAT before it is sent over the Internet.

Network administrators of private networks who have no plans to connect to the Internet can choose any IP addresses they want, even public addresses that IANA has assigned to other organizations. Such potentially duplicate addresses are known as unauthorized (or illegal) addresses. Later, if the organization decides to connect directly to the Internet after all, its current addressing scheme might include addresses that IANA has assigned to other organizations. You cannot connect to the Internet by using unauthorized addresses.

Do not use unauthorized addresses if even the slightest possibility exists of ever establishing a connection between your network and the Internet. On some future date, discovering that you need to quickly replace the IP addresses of all the nodes on a large private network can require considerable time and interrupt network operation.


I should also have mentioned that, since you make reference to building a network from the ground up, there doesn't appear to be any reason to use anything other than a private network address range from the off, as far as I can see.
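An added illustration of the public-versus-private point raised in the replies above (not code from any poster in this thread): it classifies a DHCP scope against the RFC 1918 private blocks and shows which Internet destinations an internal subnet would shadow. The function names are hypothetical, and it assumes the whole scope sits in one flat subnet, since the thread gives no subnet mask.

```python
import ipaddress

# RFC 1918 private IPv4 blocks
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def scope_blocks(first, last):
    """Collapse a DHCP scope given as first/last address into CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def classify_scope(first, last):
    """Return 'private', 'public' or 'mixed' for a first-last scope."""
    blocks = scope_blocks(first, last)
    if all(any(b.subnet_of(p) for p in RFC1918) for b in blocks):
        return "private"
    if any(b.overlaps(p) for b in blocks for p in RFC1918):
        return "mixed"
    return "public"


def covering_network(first, last):
    """Smallest single subnet holding the whole scope (assumption: one
    flat subnet; the mask is not stated in the thread)."""
    net = ipaddress.ip_network(first + "/32")
    end = ipaddress.ip_address(last)
    while end not in net:
        net = net.supernet()
    return net


def shadowed(destination, first, last):
    """True if an Internet destination falls inside the internal subnet,
    so internal hosts treat it as on-link and never send it to the gateway."""
    return ipaddress.ip_address(destination) in covering_network(first, last)


if __name__ == "__main__":
    scope = ("52.12.1.1", "52.12.2.251")      # range quoted in the question
    print(classify_scope(*scope), covering_network(*scope))
    print(shadowed("52.12.3.9", *scope))      # constructed sample destination
    print(classify_scope("192.168.100.10", "192.168.100.200"))
```
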